Trusted Firmware Deep Dive. Dan Handley Charles Garcia-Tobin

Transcription

1 Trusted Firmware Deep Dive Dan Handley Charles Garcia-Tobin 1

2 Agenda Architecture overview Memory usage Code organisation Cold boot deep dive PSCI deep dive 2

3 Example System Architecture Normal World Secure World EL0 Guest A App 1 Guest A App 2 Guest B App 1 Guest B App 2 Trusted App 1 Trusted App 2 Secure EL0 EL1 Guest Linux Kernel A Guest Linux Kernel B Trusted OS Boot Firmware Secure EL1 EL2 UEFI Hypervisor Key SMC EL3 Execution EL3 Runtime EL3 Firmware (Secure Monitor) Boot Firmware Secure EL1 / EL0 Execution EL2 Execution EL1 / EL0 Execution SMC Calling Convention Interface (ARM DEN 0028A) is gateway to: Runtime EL3 Firmware Trusted OS / TEE services Power State Coordination Interface (PSCI) (ARM DEN 0022B.b) Transported by SMC calls Also see ARMv8-A Architecture Manual (AR150-DA-70000) 3

4 Example System Architecture Normal World Secure World EL0 Guest A App 1 Guest A App 2 Guest B App 1 Guest B App 2 Trusted App 1 Trusted App 2 Secure EL0 EL1 EL2 UEFI Guest Linux Kernel A Guest Linux Kernel B Trusted OS ARM Trusted Hypervisor Firmware Boot Firmware Secure EL1 Key SMC EL3 Execution EL3 Runtime EL3 Firmware (Secure Monitor) Boot Firmware Secure EL1 / EL0 Execution EL2 Execution EL1 / EL0 Execution SMC Calling Convention Interface (ARM DEN 0028A) is gateway to: Runtime EL3 Firmware Trusted OS / TEE services Power State Coordination Interface (PSCI) (ARM DEN 0022B.b) Transported by SMC calls Also see ARMv8-A Architecture Manual (AR150-DA-70000) 4

5 ARM Trusted Firmware Architecture Normal World Secure World UEFI - BL3 3 EDK2 Core I/O Drivers UEFI Secure Boot Other Tests Test Suite BL3 3_ALT Interrupt Handler PSCI Tests EL1 Arch Context Save/Restore Exception Trapper EL2 Arch Context Save/Restore Test Secure EL1 Payload - BL3 2 PSCI Test S-EL1 Arch Context Save/Restore Service Router Other Test Interrupt Handler Runtime Arch + Platform Init Trusted Boot Firmware - BL2 Boot Time Arch + Platform Init Trusted Board Boot 2 NV Storage Driver Boot ROM - BL1 EL3 Firmware - BL3 1 (Secure Monitor) PSCI SMC Interface Service Router Other EL3 Interfaces World Switcher Interrupt Handler Boot Time Arch + Platform Init Cold/Warm Boot Detection Trusted Board Boot 1 EL3 Arch Context Save/Restore Pwr Ctrl Driver Runtime Arch + Platform Init Temp SMC Handler Glossary BL - Boot Loader EDK2 - EFI Development Kit 2 EL - Exception Level NV - Non-Volatile PSCI - Power State Control Interface SMC - Secure Monitor Call UEFI - Unified Enhanced Firmware Interface EL3 Execution Secure EL1 Execution EL2 Execution EL1 Execution Key External Interface Potential Interface Interface Usage 5

6 ARM Trusted Firmware Architecture Normal World Trusted World UEFI - BL3 3 EDK2 Core I/O Drivers UEFI Secure Boot Other Tests Test Suite BL3 3_ALT Interrupt Handler PSCI Tests EL1 Arch Context Save/Restore Exception Trapper EL2 Arch Context Save/Restore Test Secure EL1 Payload - BL3 2 PSCI Test S-EL1 Arch Context Save/Restore Service Router Other Test Interrupt Handler Runtime Arch + Platform Init Trusted Boot Firmware - BL2 Boot Time Arch + Platform Init Trusted Board Boot 2 NV Storage Driver Boot ROM - BL1 Not Available Yet EL3 Firmware - BL3 1 (Secure Monitor) PSCI SMC Interface Service Router Other EL3 Interfaces World Switcher Interrupt Handler Boot Time Arch + Platform Init Cold/Warm Boot Detection Trusted Board Boot 1 Partially Available EL3 Arch Context Save/Restore Pwr Ctrl Driver Runtime Arch + Platform Init Temp SMC Handler Glossary BL - Boot Loader EDK2 - EFI Development Kit 2 EL - Exception Level NV - Non-Volatile PSCI - Power State Control Interface SMC - Secure Monitor Call UEFI - Unified Enhanced Firmware Interface EL3 Execution Secure EL1 Execution EL2 Execution EL1 Execution Key External Interface Potential Interface Interface Usage 6

7 ARM Trusted Firmware Boot Flow Normal World Trusted World To Hypervisor / Linux Kernel Other Tests Test Suite BL3 3_ALT Interrupt Handler PSCI Tests EL1 Arch Context UEFI - BL3 3 BL3 Save/Restore 3 EDK2 Core (Alternative) Exception Trapper I/O Drivers BL3 UEFI Secure 3 EL2 Arch Context Boot Save/Restore Test Secure EL1 Payload - BL3 2 PSCI Test S-EL1 Arch Context Save/Restore Service Router Other Interrupt BL3 Test 2 Handler Runtime Arch + Platform Init Trusted Boot Firmware - BL2 Boot Time Arch + Platform Init BL2 Trusted Board Boot 2 NV Storage Driver 2 nd level Boot Loader (BL2) loads all 3 rd level images EL3 Firmware - BL3 1 (Secure Monitor) PSCI EL3 Arch Context Save/Restore SMC Interface Service Router BL3 1 Other EL3 Interfaces Pwr Ctrl Driver World Switcher Interrupt Handler Runtime Arch + Platform Init Boot ROM - BL1 Boot Time Arch + Platform Init Cold/Warm Boot Detection BL1 Trusted Board Boot 1 Temp SMC Handler 1 st level Boot Loader (BL1) loads 2 nd level image RESET Glossary BL - Boot Loader EDK2 - EFI Development Kit 2 EL - Exception Level NV - Non-Volatile PSCI - Power State Control Interface SMC - Secure Monitor Call UEFI - Unified Enhanced Firmware Interface EL3 Execution Secure EL1 Execution EL2 Execution EL1 Execution Key External Interface Potential Interface Interface Usage 7

8 Current Memory Usage on FVP Storage Secure ROM BL1 code Semi-hosting BL1, BL2, BL3 1 and Linux kernel code. NOR UEFI code Virtio Block Linux file system Intend to use this for BL images instead of semihosting 8

9 Current Memory Usage on FVP Storage Secure ROM BL1 code Semi-hosting BL1, BL2, BL3 1 and Linux kernel code. NOR UEFI code Virtio Block Linux file system Intend to use this for BL images instead of semihosting Execution Secure ROM BL1 code Secure SRAM BL1 data (bottom) BL2 code & data (top) BL3 1 code & data (middle, above BL1) Secure DRAM Hand-off structures between BL images When secure_memory parameter is defined, will need to program TZC to access DRAM NOR Early UEFI code DRAM UEFI code and data Linux code and data 9

10 Code Organisation arch - Architecture specific code (just AArch64 for now) plat - Platform specific code (i.e. porting layer) bl<x> - BL specific code common - architecture/platform neutral code used by all BLs lib - library functionality common to all other code drivers - e.g. CCI, UART, FVP power controller include docs fdts - not necessarily the final home for these! Conforms to Linux coding standard 10

11 11 COLD BOOT DEEP DIVE

12 CPU States Running. CPU is executing normally Idle. States where OS is aware of CPU being idle Execution resumes if new OS thread needs scheduling or interrupt is received Idle Standby. Typically entered via WFI/WFE and exited via wake-up event All caches and memories required for execution remain powered on and coherent All CPU state (context) is preserved Execution resumes from line after WFI/WFE Idle Retention. Similar to standby except cannot access debug registers Idle Power Down. CPU is powered off CPU state at each EL must be saved Execution starts at the reset vector, after which CPU state at each EL must be restored Local caches may be off Off. States where the OS is not using the CPU for scheduling Execution starts from the reset vector and no CPU state is restored Enabling a CPU in this state requires a Hotplug 12

13 ./bl1/aarch64/bl1_entrypoint.s 13

14 ./bl1/aarch64/bl1_entrypoint.s Always do basic CPU init 14

15 ./bl1/aarch64/bl1_entrypoint.s If PSCI provided an entrypoint, then jump to BL3 1 (either hotplug or resume from idle) 15

16 ./bl1/aarch64/bl1_entrypoint.s If there's no entrypoint and this is the primary CPU, then continue with cold boot 16

17 ./bl1/aarch64/bl1_entrypoint.s Otherwise put the secondary CPU in a safe state (e.g. On FVP, power off CPU) 17

18 ./plat/fvp/aarch64/bl1_plat_helpers.s 18

19 ./plat/fvp/aarch64/bl1_plat_helpers.s Initialize the secure memory used by BL1 (On FVP, just zero out the entrypoint mailboxes) 19

20 ./plat/fvp/aarch64/bl1_plat_helpers.s Create a small stack in "always uncached" memory to allow "C" code execution as soon as possible 20

21 ./plat/fvp/aarch64/bl1_plat_helpers.s "early" means "before MMU is enabled" In this case, just calculate extents of memory 21

22 ./plat/fvp/aarch64/bl1_plat_helpers.s Now create simple page tables and enable MMU / caches 22

23 ./plat/fvp/aarch64/bl1_plat_helpers.s Create a stack in normal memory 23

24 ./plat/fvp/aarch64/bl1_plat_helpers.s Branch to main "C" function, bl1_main() 24

25 ./bl1/bl1_main.c 25

26 ./bl1/bl1_main.c Do remaining architectural / platform setup now we are executing in normal memory with MMU / caches enabled E.g. control registers, generic timer, CCI snoops, console,... 26

27 ./bl1/bl1_main.c Calculate where to load BL2, load it, then run it 27

28 BL2 and BL3 1 Entrypoints are similar to BL1's platform_cold_boot_init() Create a small stack in coherent / always uncached memory) Early platform setup (e.g. unpack image hand-off information) Platform-specific architectural setup (e.g. enable MMU / caches) Create a stack in normal memory Branch to main "C" function for remaining platform / arch setup BL2 loads BL3 <X> images similarly to how BL1 loads BL2 BL2 passes information about BL3 3 (e.g. UEFI) to BL3 1, before running BL3 1 Means that BL3 1 can jump to BL3 3 without going back to BL2 Has to go via BL1 SMC handler to jump from Secure EL1 to EL3 See SynchronousExceptionA64 in./bl1/aarch64/early_exceptions.s 28

29 BL3 1 Initialization Can override any BL1 initialization Reinitializes exception vectors, MMU, control registers, etc... Installs runtime SMC handler Initializes platform for normal world software Initializes GIC, runtime services (e.g. PSCI) Returns from exception into normal world boot loader, BL3 3 (e.g UEFI) 29

30 30 PSCI DEEP DIVE

31 PSCI Status Work in progress. Key functions for boot and hotplug are functional. Idle is next on the radar PSCI_VERSION CPU_ON CPU_SUSPEND CPU_OFF AFFINTY_INFO MIGRATE PSCI Function MIGRATE_INFO_TYPE SYSTEM_OFF SYSTEM_RESET Implementation Status OK OK NOK (code present not ready) OK OK Not present Not present Not present Not present 31

32 PSCI Topology PSCI needs to build a map of system topology How many clusters, cores per cluster etc Used for last man tracking Topology information is provided by the platform using the following functions: int plat_get_max_afflvl() int plat_get_aff_count(unsigned int aff_lvl, unsigned long mpidr) unsigned int plat_get_aff_state(unsigned int aff_lvl, unsigned long mpidr) 32

33 PSCI Topology plat_get_max_afflvl() Returns highest affinity level implemented by the platform e.g. For FVP models: int plat_get_max_afflvl() { return MPIDR_AFFLVL1; } 33

34 PSCI Topology plat_get_aff_count(aff_lvl, mpidr) Given an MPIDR and a level of affinity return how many instances are implemented at that affinity level For example consider 2x3 system: 2 clusters, 2 cores in cluster 0, and 3 in cluster 1 mpidr aff_lvl Return Value 0000 (Cluster 0, Core 0) 0001 (Cluster 0, Core 1) 0 2 (two affinity level 0 instances, or cores, in cluster 0) 1 2 (There are two affinity level 1 instances or clusters in the system) 0100 (Cluster 1, Core 0) 0101 (Cluster 1, Core 1) 0 3 (three affinity level 0 instances, or cores, in cluster 1) 1 2 (There are two affinity level 1 instances or clusters in the system) 34

35 PSCI Topology plat_get_aff_state(aff_lvl, mpidr) Returns whether an affinity instance is present or absent You can use it to deal with hierarchies that are asymmetric For example a cluster and a single core sharing an interconnect Saves on having to take locks for affinity levels that don t exist 35

36 FVP topology FVP model sets up topology information as part of cold boot path (called from primary CPU) bl31_entrypoint bl31_main bl31_platform_setup plat_setup_topology runtime_svc_init psci_setup Bl31/AArch64/bl31_entrypoint.S Plat/fvp/bl31_plat_setup.c Plat/fvp/Fvp_topology.c Bl31/bl31_main.c plat_setup_topology() sets up necessary data to allow the following to work plat_get_max_aff_lvl(), plat_get_aff_count(), plat_get_aff_state() BL3 1 then moves on to set up PSCI 36

37 PSCI Deep Dive After cold boot path calls plat_setup_topology(), it calls psci_setup() This functions create a topology map for the system based on the platform specific functions Map is an array of aff_map_node pointers typedef struct { unsigned long mpidr; unsigned char state; char level; unsigned int data; bakery_lock lock; } aff_map_node; //mpidr of node //[present absent] [PSCI state] //aff level //cookie (holds index into //non-secure data for CPU_ON/CPU_SUSPEND //Lock for node (bakery_lock will be replaced with a more abstract lock API) See psci_setup.c/psci_common.c/psci_private.h 37

38 PSCI Topology psci_aff_map holds topology tree (array of aff_map_node (s)) Held in device ordered memory Array is populated in a breadth first way Aff 3 entities Aff 2 entities Aff 1 entities Aff 0 entities e.g. for a 2x2 system Cluster 0 Cluster 1 CPU 0.0 CPU 0.1 CPU 1.0 CPU 1.1 Additional affinity information arrays: psci_aff_limits : indices to start and end of each affinty level in topology tree psci_ns_entry_info: array of ns_entry_info. Structure to hold entry information into EL[2 1] for CPU_ON/CPU_SUSPEND psci_secure_context: array of secure_context. Structure to hold secure context information that needs saving when powering down 38

39 PSCI Topology psci_setup_up completes by: Initialising the state of the primary CPU (and containing higher affinity levels, e.g cluster) to PSCI_STATE_ON All others default to PSCI_STATE_OFF Calls into platform to set up platform specific PSCI operations plat\fvp\fvp_pm.c int platform_setup_pm(plat_pm_ops **plat_ops) { *plat_ops = &fvp_plat_pm_ops; return 0; } static plat_pm_ops fvp_plat_pm_ops = { 0, // standby (not used in FVP) fvp_affinst_on, // cpu_on will come here fvp_affinst_off, // cpu_off will come here fvp_affinst_suspend, // cpu_suspend fvp_affinst_on_finish, fvp_affinst_suspend_finish, }; // called on wake up path of cpu being turned on // called on wake up path of cpu waking from suspend 39

40 psci_cpu_off common/psci/psci_entry.s psci_cpu_off: func_prologue sub sp, sp, #0x10 stp x19, x20, [sp, #0] mov x19, sp bl read_mpidr bl platform_set_coherent_stack << Switch stack bl psci_cpu_off mov x1, #PSCI_E_SUCCESS cmp x0, x1 b.eq final_wfi mov sp, x19 ldp x19, x20, [sp,#0] add sp, sp, #0x10 func_epilogue ret 40

41 psci_cpu_off common/psci/psci_entry.s psci_cpu_off: func_prologue sub sp, sp, #0x10 stp x19, x20, [sp, #0] mov x19, sp bl read_mpidr bl platform_set_coherent_stack bl psci_cpu_off << do work of switching off mov x1, #PSCI_E_SUCCESS cmp x0, x1 b.eq final_wfi mov sp, x19 ldp x19, x20, [sp,#0] add sp, sp, #0x10 func_epilogue ret 41

42 psci_cpu_off common/psci/psci_main.c int psci_cpu_off(void) { int target_afflvl = get_max_afflvl(); mpidr = read_mpidr(); /* * Traverse from the highest to the lowest affinity level. When the * lowest affinity level is hit, all the locks are acquired. State * management is done immediately followed by cpu, cluster... *..target_afflvl specific actions as this function unwinds back. */ rc = psci_afflvl_off(mpidr, target_afflvl, MPIDR_AFFLVL0); if (rc!= PSCI_E_SUCCESS) { assert(rc == PSCI_E_DENIED); } } return rc; 42

43 psci_afflvl_off FVP success Take Cluster Node Lock Not at AffinityLevel0 so recurse down a level Take CPU Node Lock cpustate = CPU_OFF if last man cluster state = OFF psci_afflvl0_off( ) flush PoU fvp_affinst_off(..,afflevel0, ) take core out of coherency prevent IRQ spurious wakeups power power controller Release CPU Node Lock psci_afflvl1_off( ) if cluster_state == OFF flush to PoC fvp_affinst_off(..,afflevel1, ) disable cci power power controller Release Cluster Node Lock Affinity Level 1/Cluster Affinity Level 0/CPU //bl31/common/psci_afflvl_off.c //plat/fvp/fvp_pm.c //bl31/common/psci_afflvl_off.c //plat/fvp/fvp_pm.c Affinity Level 1/Cluster 43

44 psci_afflvl_off common/psci/psci_aff_lvl_off.c int psci_afflvl_off(unsigned long mpidr,int { cur_afflvl, int tgt_afflvl) bakery_lock_get(mpidr, &aff_node->lock); /* Keep the old state and the next one handy */ prev_state = psci_get_state(aff_node->state); next_state = PSCI_STATE_OFF; /* * We start from the highest affinity level * and work our way * downwards to the lowest i.e. MPIDR_AFFLVL0. */ if (aff_node->level == tgt_afflvl) { } else { psci_change_state(mpidr, tgt_afflvl, get_max_afflvl(), next_state); rc = psci_afflvl_off(mpidr, level - 1, tgt_afflvl); prev_state); } if (rc!= PSCI_E_SUCCESS) { } psci_set_state(aff_node->state, goto exit; rc = psci_afflvl_off_handlers[level](mpidr, aff_node); if (rc!= PSCI_E_SUCCESS) { } exit: psci_set_state(aff_node->state, prev_state); goto exit; bakery_lock_release(mpidr, &aff_node->lock); return rc; When we get to CPU } Level (Aff0) we set state. This also sets higher affinity level states if last man 44

45 psci_afflvl_off common/psci/psci_aff_lvl_off.c int psci_afflvl_off(unsigned long mpidr,int cur_afflvl, int tgt_afflvl) { bakery_lock_get(mpidr, &aff_node->lock); /* Keep the old state and the next one handy */ prev_state = psci_get_state(aff_node->state); next_state = PSCI_STATE_OFF; /* * We start from the highest affinity level * and work our way * downwards to the lowest i.e. MPIDR_AFFLVL0. */ if (aff_node->level == tgt_afflvl) { psci_change_state(mpidr, tgt_afflvl, get_max_afflvl(), next_state); } else { rc = psci_afflvl_off(mpidr, level - 1, tgt_afflvl); prev_state); } if (rc!= PSCI_E_SUCCESS) { } psci_set_state(aff_node->state, goto exit; rc = psci_afflvl_off_handlers[level](mpidr, aff_node); if (rc!= PSCI_E_SUCCESS) { } exit: } psci_set_state(aff_node->state, prev_state); goto exit; bakery_lock_release(mpidr, &aff_node->lock); return rc; Handlers do actual powering down 45

46 psci_cpu_off common/psci/psci_entry.s psci_cpu_off: func_prologue sub sp, sp, #0x10 stp x19, x20, [sp, #0] mov x19, sp bl read_mpidr bl platform_set_coherent_stack bl psci_cpu_off mov x1, #PSCI_E_SUCCESS cmp x0, x1 b.eq final_wfi << all OK final WFI mov sp, x19 ldp x19, x20, [sp,#0] add sp, sp, #0x10 func_epilogue ret 46

47 psci_cpu_off common/psci/psci_entry.s psci_cpu_off: func_prologue sub sp, sp, #0x10 stp x19, x20, [sp, #0] mov x19, sp bl read_mpidr bl platform_set_coherent_stack bl psci_cpu_off mov x1, #PSCI_E_SUCCESS cmp x0, x1 b.eq final_wfi mov sp, x19 << else switch stack back and return ldp x19, x20, [sp,#0] add sp, sp, #0x10 func_epilogue ret 47

48 psci_cpu_on common/psci/psci_main.c int psci_cpu_on(unsigned long target_cpu, unsigned long entrypoint, unsigned long context_id) { int rc; unsigned int start_afflvl, target_afflvl; /* Determine if the cpu exists of not */ rc = psci_validate_mpidr(target_cpu, MPIDR_AFFLVL0); if (rc!= PSCI_E_SUCCESS) { goto exit; } start_afflvl = get_max_afflvl(); target_afflvl = MPIDR_AFFLVL0; rc = psci_afflvl_on(target_cpu, entrypoint, context_id, start_afflvl, target_afflvl); Basic error checking Heavy lifting exit: } return rc; 48

49 psci_afflvl_on FVP success Take Cluster Node Lock Take CPU Node Lock Affinity Level 1/Cluster Affinity Level 0/CPU psci_afflvl1_on( ) fvp_affinst_on(..,afflevel1, ) basic validation psci_afflvl0_on( ) Affinity Level 1/Cluster //bl31/common/psci_afflvl_on.c //plat/fvp/fvp_pm.c //bl31/common/psci_afflvl_on.c store ns_entry_point and context_id (passed from by OSPM) fvp_affinst_on(..,afflevel0, ) //plat/fvp/fvp_pm.c Wait for any pending off to complete (CPU that you are turning ON, Set up a mailbox so booting core takes warm boot path program power controller could have been turning itself OFF) Affinity Level 0/CPU Change CPU Node state to ON_PENDING Change Cluster Node state to ON_PENDING Release CPU Node Lock Release Cluster Node Lock Affinity Level 0/CPU Affinity Level 1/Cluster Affinity Level 0/CPU Affinity Level 1/Cluster 49

50 psci_afflvl_on common/psci/psci_aff_lvl_on.c Set Hierarchy to ON_PENDING int psci_afflvl_on(unsigned long target_cpu, unsigned long entrypoint, unsigned long context_id, int current_afflvl, int target_afflvl) { for (level = current_afflvl; level >= target_afflvl; level--) { aff_node = psci_get_aff_map_node if (aff_node) } Lock bakery_lock_get(mpidr, &aff_node->lock); Call each level s on handler for (level = current_afflvl; } level >= target_afflvl; level--) { psci_afflvl_on_handlers[level](target_cpu, aff_node, entrypoint, context_id); } /* * State management: Update the states */ psci_change_state(target_cpu, target_afflvl, get_max_afflvl(), PSCI_STATE_ON_PENDING); exit: for (level = target_afflvl; Unlock level <= current_afflvl; level++) { bakery_lock_release(mpidr, &aff_node->lock); 50

51 fvp_affinst_on plat/fvp/fvp_pm.c int fvp_affinst_on(unsigned long mpidr, unsigned long sec_entrypoint, unsigned long ns_entrypoint, unsigned int afflvl, unsigned int state) { Ensure entry point is valid if (ns_entrypoint < DRAM_BASE) { rc = PSCI_E_INVALID_PARAMS; goto exit; } if (afflvl!= MPIDR_AFFLVL0) goto exit; Deal with potential race with CPU_OFF /* * Ensure that we do not cancel an inflight * power off request * for the target cpu. That would leave * it in a zombie wfi */ do { psysr = fvp_pwrc_read_psysr(mpidr); } while (psysr & PSYSR_AFF_L0); Set up warm boot linear_id = platform_get_core_pos(mpidr); fvp_mboxes = (mailbox *) (TZDRAM_BASE + MBOX_OFF); fvp_mboxes[linear_id].value = sec_entrypoint; flush_dcache_range( (unsigned long) &fvp_mboxes[linear_id], sizeof(unsigned long)); Program power controller fvp_pwrc_write_pponr(mpidr); 51

52 ./bl1/aarch64/bl1_entrypoint.s If PSCI provided an entrypoint, then jump to BL3 1 (either hotplug or resume from idle) 52

53 common/psci/psci_entry.s Jump into OSPM entry point Call psci_afflvl_power_on_finish on coherent stacks 53

54 psci_afflvl_power_on_finish Take CPU Node Lock psci_afflvl0_on_finish( ) //bl31/common/psci_common.c //bl31/common/psci_afflvl_on.c fvp_affinst_on_finish(..,afflevel0, ) //plat/fvp/fvp_pm.c turn on intra cluster coherency zero out mailbox, enable GIC, enable access to system counter install exception handlers,enable mmu and caching, EL3 setup psci_get_ns_entry_info() //bl31/common/psci_common.c set up return non-secure Exception Level Take Cluster Node Lock Affinity Level 0/CPU psci_afflvl1_on_finish( ) //bl31/common/psci_afflvl_on.c fvp_affinst_on_finish(..,afflevel1, ) //plat/fvp/fvp_pm.c enable CCI Affinity Level 1/Cluster update CPU Node State to ON update cluster Node State to ON Release Cluster Node Lock Affinity Level 0/CPU Affinity Level 1/Cluster Affinity Level 1/Cluster Release CPU Node Lock Affinity Level 0/CPU 54

55 Further reading GitHub Usage Guide Porting Guide SMC Calling Convention PSCI spec ARMv8 ARM 55